Read Bill Ministerial Extracts
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateBaroness Barran
Main Page: Baroness Barran (Conservative - Life peer)Department Debates - View all Baroness Barran's debates with the Department for Digital, Culture, Media & Sport
(3 years, 5 months ago)
Lords ChamberThat the Bill be now read a second time.
Relevant documents: 5th Report from the Constitution Committee and 4th Report from the Delegated Powers Committee
My Lords, this past year has put into sharp focus the importance of digital connectivity, which has been vital in keeping both people and industries going in these challenging times. In the other place, my right honourable friend the Secretary of State spoke about the potential for 5G and gigabit broadband to transform our lives. The Government are investing billions of pounds into these cutting-edge technologies. However, we can be confident in the technology only if we know that it is secure.
That is why we have introduced the Telecommunications (Security) Bill. The Bill will create one of the toughest telecoms security regimes in the world. It will protect our telecoms networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future. I will briefly outline the context for the Bill and why it is necessary, before turning to the intent of its clauses and delegated powers.
The security and resilience of 5G and full-fibre networks is not just in the national security interests of the UK. It is also crucial to the UK’s economic interests and future prosperity. The House will recall that this Government published the UK Telecoms Supply Chain Review Report in July 2019. It found that telecoms providers lack incentives to apply security best practices and recommended a new framework for the UK’s public telecoms providers that will respond to new and emerging threats to the security of our networks. The review also recommended new national security powers for the Government to control the presence of high-risk vendors in UK networks. The Bill is our response to those recommendations.
I will now outline the intent of the Bill’s clauses, which can be broadly separated into two groups. Clauses 1 to 14 introduce a stronger telecoms security framework, placing new security duties on public telecoms providers. Clauses 15 to 23 introduce new national security powers to address the risks posed by high-risk vendors.
I turn first to Clauses 1 to 14. The Bill amends the Communications Act to create a tough new telecoms security framework, which consists of three layers. First, the Bill places strengthened overarching telecoms security duties on public telecoms providers in primary legislation. Secondly, specific security requirements will be set out in secondary legislation. Thirdly, guidance on the detailed technical measures that providers could take to comply with their legal obligations will be set out in a code of practice. The new legal duties in the Bill and the measures in the secondary legislation will apply to public telecoms providers operating within the UK.
To illustrate the specific measures that providers may be expected to adopt, we published an illustrative first draft of the security framework regulations on GOV.UK in January. We have been, and continue to be, in close contact with industry following the publication of the draft regulations. Comments received as part of this engagement are being considered in the drafting of the final version. We will launch a public consultation on the draft code of practice once the Bill achieves Royal Assent. This will ensure that views from all impacted groups are heard ahead of the new framework coming into force.
The Bill provides Ofcom with a new general duty to seek to ensure that telecoms providers comply with their new security duties and builds on Ofcom’s existing security duties. Ofcom will have new powers to assess providers’ compliance. In cases of non-compliance, Ofcom will be able to issue a notification of contravention and, ultimately, financial penalties of up to 10% of turnover. Recognising that Ofcom will have expanded duties, DCMS is working with it to ensure that it has the necessary capability and capacity to deliver those vital functions. We have already increased Ofcom’s security budget for this financial year by £4.6 million to reflect its enhanced security role, in addition to its existing funding. Ofcom will also continue to work closely with the National Cyber Security Centre in the delivery of its security functions. The two organisations have published a statement, available on Ofcom’s website, which sets out how they plan to work together.
Clauses 15 to 23 introduce new national security powers to manage the risks posed by high-risk vendors in our telecoms networks. The Bill includes new powers for the Secretary of State to designate specific vendors in the interests of national security and issue directions to public communications providers. Those directions will place controls on a provider’s use of goods, services and facilities supplied by a designated vendor. Once a designated vendor direction is issued, the Secretary of State can direct Ofcom to collect information from providers and report back so that the Secretary of State can determine whether a provider is complying with a direction. Government amendments were passed in Committee in the other place to bring the powers in Clauses 15 to 23 into force immediately upon Royal Assent.
The Government have announced that UK telecoms providers should cease to install Huawei equipment in 5G networks after September 2021 and remove all Huawei 5G equipment by the end of 2027. We published an illustrative direction and designation notice in November 2020 to demonstrate how the powers in the Bill could be used in relation to Huawei in line with these announcements. Once the Bill receives Royal Assent, any proposed designated vendor directions and notices will be subject to the relevant consultation requirements set out in the Bill.
I will now turn to the delegated powers in the Bill. It contains nine delegated legislative powers to make secondary legislation and two administrative powers. Six of the delegated legislative powers are to amend the maximum penalties specified in the Bill. These are Henry VIII powers and are subject to the draft affirmative resolution procedure. A further two are powers to create regulations setting out specific measures to be taken to comply with the new security duties and are subject to the negative resolution procedure. Finally, one power is to make regulations commencing certain provisions in the Bill and is not subject to any procedure. The two administrative powers are the power to issue codes of practice and the power to give designated vendor directions to providers.
Our approach to the delegated legislative powers is in keeping with precedent. The powers to amend maximum penalties in the Bill are consistent with those in the Communications Act 2003. I appreciate the need for Parliament to have the right mechanisms to scrutinise the powers that we are taking in the Bill. I am confident that the approach we have taken finds the appropriate balance. As the House would expect, we have submitted the delegated powers memorandum to the Delegated Powers and Regulatory Reform Committee. I thank it very much for its prompt report on the memorandum, which I read with interest. The Government will consider the committee’s recommendation concerning the power to issue codes of practice about security measures and aim to respond to the report fully in due course.
To conclude, the Bill has not been designed around one company, one country or one threat. Its strength is that it will create an enduring and effective telecoms security regime that will be flexible enough to keep pace with changing technology and changing threats. I hope that noble Lords on all sides of the House will welcome it. I beg to move.
My Lords, I thank all noble Lords who contributed to this rich debate for their contributions, for the warm welcome they offered the Bill, and for the way in which, in very different ways, they highlighted the importance of the issues which the Bill seeks to address.
Today’s debate has been wide-ranging. We have debated the principles and the practice of the Bill and we have touched on a number of issues that are beyond its scope. I shall start my closing remarks by focusing on those matters that speak directly to the Bill, as well as those that are closely adjacent to it, such as diversification, before moving on, if, as I hope, time permits, to other matters raised in the debate. Some of the issues raised sit beyond my department’s remit, but I will do my best to respond to them and will write to all noble Lords on any matters that time does not permit me to address today. I stress that I and my officials are very open to continuing these discussions in more detail ahead of Committee.
As my right honourable friend the Secretary of State said at Second Reading in the other place, the Bill raises the security bar across the board and protects us against a whole range of threats. Although there may be disagreement on some points in the Bill, I welcome the fact that it clearly has strong support in this House and, as we saw, the other place. We are all committed to putting the UK’s national security interests first.
Before I go into the detail of the Bill, the noble Baroness, Lady Merron, rightly asked how it fits with wider regulation of critical national infrastructure. This is indeed one of a number of measures that the Government are taking to protect the security and integrity of that infrastructure. So, while this Bill focuses on telecoms security, there is already a range of regulations governing the security of other critical sectors, each tailored to different risks. The Bill will complement those pre-existing regulations by ensuring the security and resilience of the public telecoms networks on which our critical sectors rely.
The recently enacted National Security and Investment Act, to which the noble Baroness referred, empowers the Government to scrutinise, impose conditions on or, as a last resort, block foreign investment wherever there is an unacceptable risk to Britain’s national security. Rather than addressing investment, the Bill would enable the Government to protect our networks from risks posed by vendors who supply, provide or make available goods, services or facilities to public telecommunications providers. Once it is passed, the Bill will work alongside the National Security and Investment Act to protect our networks from threats, both now and in the future. My noble friend Lord Young of Cookham also asked how different government departments were co-ordinating their policy responses in this area. I will take up his kind invitation to write to him, and will of course copy other noble Lords into my response.
A number of your Lordships, including the noble Lord, Lord Clement-Jones, my noble friends Lord Vaizey and Lady Stroud, the noble Lord, Lord Alton, and the noble Baroness, Lady Merron, all asked how we were managing the risk posed by Huawei in the interim, ahead of the Bill becoming law. The Government have always considered Huawei to pose a relatively high risk to the UK’s telecom networks compared with other vendors. There has been a risk mitigation strategy in place since Huawei first began to supply equipment to the UK’s public telecoms providers.
The Government have announced extensive advice to manage the security risk posed by Huawei, based on the analysis of our world-leading experts at the National Cyber Security Centre. The Secretary of State has announced advice that providers should remove all Huawei equipment from 5G networks by the end of 2027 and, in order to clearly set out the pathway to zero, he also announced advice that providers should stop procuring new 5G equipment from Huawei after 31 December 2020 and stop installing Huawei equipment in 5G networks after September 2021. Together, all this advice will protect our networks from the risks posed by Huawei. Once passed, and subject to the relevant consultation requirements, the Bill will enable the Government to give legal effect to all this advice.
My noble friend Lady Stroud asked about other high-risk vendors. The Bill responds to the threats and risks that we outlined in the telecoms supply chain review. It gives us the ability to manage any high-risk vendor, both now and in future. We have named Huawei and ZTE as high-risk vendors, but we will continue to keep the presence of high-risk vendors under review.
A number of your Lordships, including the noble Baroness, Lady Merron, my noble friends Lord Vaizey and Lord Young of Cookham, and the noble Lord, Lord Fox, talked about the role, resources and capacity of Ofcom. We are confident that Ofcom will have the capability and resources to undertake its expanded role, although we recognise the competitive market for recruitment in this area. As I mentioned in my opening remarks, the Bill places a new, general duty on Ofcom to ensure that providers comply with their new security duties. We are working closely with Ofcom to ensure that it has the required resources to meet its new responsibilities, and we will keep that under review.
I shall now cover the issues relating to scrutiny in the Bill. The first of these relates to the Secretary of State’s ability to issue designation notices and designated vendor directions. This issue was discussed at length in the other place throughout the passage of the Bill, and more recently was referred to by the Constitution Committee, and I will address the remarks of both that committee and the Intelligence and Security Committee.
The noble Lord, Lord Clement-Jones, raised the recommendation from the Constitution Committee to increase oversight of the Bill’s powers by making them fall within the remit of the Investigatory Powers Commissioner. I can reassure noble Lords that the Secretary of State will use the power to issue designation notices and designated vendor directions only when it is necessary to do so in the interests of national security and where the requirements to be imposed are proportionate. The Bill already contains effective mechanisms for oversight of the Secretary of State’s use of the powers to give a designated vendor direction or designation notice.
The Bill requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament. This will provide Parliament with the opportunity to scrutinise the use of these powers. On very rare occasions, the Secretary of State may choose not to lay a designation notice or direction before Parliament, because to do so would be contrary to the interests of national security. Where this is the case, the DCMS Select Committee will be able to view such directions and notices.
The Investigatory Powers Commissioner has responsibility for reviewing the use by public authorities, such as intelligence agencies, police and local authorities, of the powers in the Investigatory Powers Act. However, the Investigatory Powers Act regime is not directly comparable with the new powers and framework set out by the Bill. Oversight of the Investigatory Powers Act regime by the Investigatory Powers Commissioner is considered appropriate because of the potential intrusion into the private lives of individuals as a result of the use of covert powers. The national security powers in this Bill are very different from those in the Investigatory Powers Act: they are focused on protecting public telecoms networks and services from the threats posed by high-risk vendors.
The noble Lord, Lord West, the noble Baronesses, Lady Merron and Lady Northover, the noble Earl, Lord Erroll, and others raised the issue of scrutiny by the Intelligence and Security Committee. I pay tribute to the noble Lord, Lord West, and all other members of the Intelligence and Security Committee for the important work they do. We recognise the importance of effective scrutiny of the use of the Bill’s powers, and I am happy to correct the impression that the noble Lord, Lord West, suggested—that the Government want to avoid scrutiny in the Bill. That is why, as I said, the Bill requires the Secretary of State to lay copies of designation notices and designated vendor directions before Parliament, unless doing so would be contrary to the interests of national security. I referred to circumstances where this might be possible in my remarks on the advice of the Constitution Committee.
As noble Lords are aware, the activities of DCMS are not within the remit of the Intelligence and Security Committee. That committee’s remit extends to the intelligence agencies and other government activities related to intelligence or security matters, as set out in its memorandum of understanding. But the advice of the intelligence agencies will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the advice of the National Cyber Security Centre, the Secretary of State will consider, among others, the economic impact, cost to industry and impact on connectivity of the requirements in any designated vendor direction.
The ISC does not have a remit to consider non-security issues, such as the economic and connectivity implications of the requirements in designated vendor directions, but the DCMS Select Committee can consider those wider impacts. That is why, despite my noble friend Lord Balfe’s caution in this regard, we believe the DCMS Select Committee is the correct and appropriate body to see copies of designation notices and designated vendor directions that are not laid before Parliament.
My noble friend Lord Young of Cookham asked whether a designation notice or designated vendor direction is justiciable. Designated vendor directions and designation notices are subject to ordinary judicial review principles. However, the Secretary of State will issue designation notices and designated vendor directions only where they are necessary in the interests of national security and where the requirements in the direction are proportionate. As I mentioned, there are exceptions, which we expect to be rare, where it could be harmful to national security to lay a direction before Parliament, for example where doing so would expose particular security vulnerabilities.
The noble Lord, Lord Clement-Jones, asked about the delegated powers in the Bill and the recommendations of the Delegated Powers and Regulatory Reform Committee, as did my noble friend Lord Young of Cookham. The committee has made one recommendation relating to the power to issue codes of practice about security measures. I am sure that the House will appreciate that we need some time to consider the recommendation. We will respond once we have done that.
A number of noble Lords, including the noble Earl, Lord Erroll, the noble Lord, Lord Fox, and my noble friends Lady Morgan and Lord Vaizey, raised issues about the Government’s work on diversification. Although this is not a matter that the Bill speaks to directly, as your Lordships pointed out, I am delighted to address it. The Government recognise the importance of a diverse supply chain for creating a resilient national telecoms network, which is why we published the 5G diversification strategy alongside this Bill. That takes forward the Government’s commitment in the telecoms supply chain review to respond to the lack of diversity in the supply chain. We are leading the way in solving this through our ambitious diversification strategy.
The diversification task force, led by my noble friend Lord Livingston of Parkhead, has now concluded its initial work. Its findings and recommendations were published on 20 April. As my noble friend Lord Young pointed out, they raise the opportunity for our businesses in this area to win new markets through the creation of shared standards. The Government will respond to the task force’s findings and set out our next steps in this ambitious programme this summer. My noble friend Lord Holmes asked for an update on our UK telecoms lab. We will be able to say more on that later this year, but we plan to respond to all of the priorities raised in the very helpful report from the diversification task force.
The noble Lord, Lord Fox, asked for a definition of “incumbent suppliers”. The diversification strategy defines them as those present in the network that are not high-risk vendors, which therefore would include non-UK businesses such as Nokia and Ericsson.
The noble Baroness, Lady Northover, and the noble Lord, Lord Clement-Jones, asked about our engagement with business. We continue to engage regularly and closely with public telecom providers, including the largest companies, such as BT, and the trade bodies representing small businesses. Their feedback has been invaluable in our policy development. We will consult with them further on the draft code of practice after Royal Assent to ensure that all those affected can make their voices heard.
The noble Lord, Lord Maxton, asked about our international engagement. We have engaged with partner countries throughout the drafting of this Bill and will continue to do so once it has passed. As he rightly pointed out, our networks face similar challenges to those of networks in other countries. It therefore makes absolute sense to find international solutions to them.
The noble Lord, Lord Vaux of Harrowden, obviously has a similar social life to mine. I definitely get more fraudulent calls than I do any other type of communication. As I wrote to him, this Bill is not intended to address the extremely important issues that he raised. The Government are exploring a range of different measures aimed at tackling criminal abuse of the telecommunications network, including fraud. This work is led by the Home Office. I am happy to meet with him to discuss it further if that is helpful or co-ordinates him being in touch with the right colleagues at the Home Office.
Turning to the issues of human rights, the noble Lord, Lord Alton, asked about the compliance of the ministerial statement on the face of the Bill with the Human Rights Act. As printed, I made a statement under Section 19 of that Act that:
“In my view the provisions of the Telecommunications (Security) Bill are compatible with the Convention rights”
as defined by Section 1 of the Act. I stand by my statement. I do not think there are any provisions in this Bill that are incompatible with the convention rights. The statement is about the content of the Bill. The noble Lord has implied that actions of another country might bring the Bill’s compatibility into question, but I think that is a misunderstanding of the purpose of the statement.
Many of your Lordships rightly raised issues of human rights in China, including the noble Baronesses, Lady Northover and Lady Merron, the noble Lord, Lord Fox, and my noble friends Lady Stroud and Lord Balfe. I start by paying tribute to the noble Lord, Lord Alton, for his ongoing commitment to standing up for human rights around the world, including in Xinjiang. The Government stand in complete solidarity with him and the eight others who were sanctioned by China. This House has debated these issues at length and rightly so, as they are important. The Government share the noble Lord’s serious concern about the human rights situation in Xinjiang. Indeed, he recently secured a Question for Short Debate on this topic, to which my noble friend the Minister of State for South Asia and the Commonwealth responded.
It is because this issue is so important that we have, as a Government, taken a wide range of actions this year and I cannot accept his suggestion of complacency on the part of the Government. The UK Government have led international efforts to hold China to account for its human rights violations in Xinjiang. We led the first two statements on Xinjiang at the UN and have utilised our diplomatic network to raise the issue up the international agenda. Most recently, on 22 June, the UK joined 43 other countries at the UN Human Rights Council to condemn China’s human rights violations in Xinjiang and Tibet, as well as the deterioration of fundamental freedoms in Hong Kong referred to by the noble Baroness, Lady Bennett, and others. On 13 June, the G7 leaders’ communiqué called on China to
“respect human rights and fundamental freedoms, especially in relation to Xinjiang”.
Noble Lords will be aware that in January the Foreign Secretary announced a package of measures to help ensure UK businesses and the public sector are not complicit in human rights violations or abuses in Xinjiang. Those measures include robust and detailed new guidance to businesses, a review of export controls as they apply to China, a commitment to introduce financial penalties under the Modern Slavery Act and increasing support for UK government bodies to exclude suppliers complicit in violations.
I know the noble Lord is particularly interested in hearing more about the review of export controls. He will be aware that export controls are already applied to a range of goods which may be used for internal repression or to breach human rights, as set out in the Export Control Act 2002 and accompanying secondary legislation. The review announced by the Foreign Secretary in January will ensure that we have captured the full range of goods as applicable to the current situation in Xinjiang and will determine which additional specific products will in future be subject to export controls. The Government will report back to Parliament on the outcome of the review in due course.
I also note the Private Member’s Bill introduced by the noble Lord, Lord Alton, regarding the duty on businesses to produce modern slavery statements. The Government have already committed to strengthening Section 54 of the Modern Slavery Act 2015 and I know that the noble Lord engages regularly with the Home Office on this matter. I can reassure all your Lordships that tackling modern slavery continues to be a priority for this Government. This is why the Government announced a review of our modern slavery strategy earlier this year.
A new strategy will cover our cross-government response, including how business and government can effect change through their supply chains. In September 2020, the Government committed to take forward an ambitious package of measures to strengthen the Act. As I have mentioned, this was followed in January 2021 by a commitment to introduce financial penalties for organisations that fail to meet their statutory obligations to publish modern slavery statements under the Act. Legislation to take these reforms forward will be introduced when parliamentary time allows.
The amendment tabled and adopted during the passage of the Trade Act further highlights that the Government take these issues seriously. The amendment ensures that a debate and vote in Parliament can happen in response to credible reports, expressed by a responsible Committee, about genocide in a country with which we are proposing a new free trade agreement. I can now confirm that the Foreign Affairs Select Committee in the other place has agreed to be charged with this role, subject to agreement by the House. Discussions are still ongoing in the other place and will begin in this House when there is a willing Committee.
This Bill, however, is focused on the security of the UK public telecoms network and services. It is not the right legislative vehicle to address concerns about human rights and modern slavery. Clause 16 makes it clear that designation notices can be issued to vendors only where the Secretary of State considers that it is necessary to do so in the interests of national security. The Government consider that the Secretary of State should be required to assess national security as strictly about the security of our nations.
I apologise to noble Lords: I know that I have overrun but it was a rich debate. I hope noble Lords will accept that it was worth addressing some of the important points raised. I look forward very much to working with your Lordships across the House to pass this important legislation. As I have said, the Bill will create one of the toughest regimes for telecoms security in the world. It will enable us to protect our critical national infrastructure and shield our networks for years to come. The noble and gallant Lord, Lord Stirrup, gave the Government a helpful and powerful challenge: to be forward-looking as we think through this legislation; to recognise the need for a balance between cost, resilience and risk; and to adopt an approach that combines agility and adaptability. Again, I invite noble Lords who wish to talk about any particular issues related to the Bill to contact me or my officials, and I look forward to debating this further in Committee.
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateBaroness Barran
Main Page: Baroness Barran (Conservative - Life peer)Department Debates - View all Baroness Barran's debates with the Department for Digital, Culture, Media & Sport
(3 years, 5 months ago)
Grand CommitteeI thank all noble Lords for these amendments, which seek to strengthen the resilience of our telecoms networks by putting a new monitoring requirement on providers in relation to vendors in other jurisdictions, adding to the list of matters to which a requirement in a designated vendor direction may refer, and requiring the Secretary of State to review decisions taken by Five Eyes partners to ban vendors on security grounds.
We recognise the aim of having a comprehensive approach to telecoms security that includes the provider and government. The Bill follows this approach. A number of your Lordships said that I could be advised that the amendments are not unnecessary, but one issue the amendments raise is that of clarity of responsibility in the Bill. We believe genuinely that these amendments would blur some of that clarity.
The Bill as drafted is clear that it is the responsibility of government, not public communications providers, to set security duties and to designate vendors who pose a national security risk. In doing so, the Government, via the National Cyber Security Centre and other agencies, will monitor companies globally, including, of course, in the Five Eyes countries. It is then up to the providers to implement the security duties placed upon them and to comply with any designated vendor directions issued to them.
Amendment 1 in particular risks blurring these lines of responsibility and requiring telecoms providers to spend disproportionate resources on monitoring vendors internationally. This amendment seeks to place a new duty on public telecoms providers to review vendors of goods or services to those providers which are prohibited from other jurisdictions on security grounds, and to review the reasons for the prohibition. This would require public telecoms providers to monitor the policies and regulations of all other jurisdictions to understand whether those jurisdictions had banned certain companies from operating. This would be an onerous, disproportionate duty to place on industry.
Furthermore, in some cases, it may be impossible for telecoms providers to comply with the duty. The amendment states that telecoms providers must review the reasons for a vendor’s prohibition from a jurisdiction. As noble Lords will be aware, many jurisdictions have opaque decision-making processes, where it may be difficult, if not impossible, for telecoms providers to review the reasons for the prohibition of certain companies. Moreover, new Section 105A, which is inserted by Clause 1, places a strengthened overarching security duty on public telecoms providers. This duty is centred on an appropriately future-proofed definition of security compromises. Clause 1 therefore already ensures that telecoms providers undertake appropriate risk management to guard against any relevant threats to network security. In the light of this, I do not consider that this amendment is either proportionate or necessary, given the burden that it would place on telecoms providers and the duties already contained in the Bill.
Amendment 20 seeks to clarify that a requirement in a designated vendor direction may make provision by reference to the sourcing of goods, services and equipment from a specified country, or from sources connected with a specified country. While it is important that we protect our networks from the threats posed by hostile state actors, I do not consider this amendment to be necessary. As currently drafted, the Bill already allows for requirements to be included with provisions relating to the “source” of goods, services and facilities supplied by a designated vendor. I would consider that countries, and sources connected to countries, would already be captured by this wording.
Further, the list of matters that the noble Lord seeks to amend is explicitly non-exhaustive. The Bill is clear that the provisions of a requirement may refer to matters other than those listed in the Bill. It is therefore already possible for a requirement in a direction to refer to the country from which goods, services and facilities are sourced, if the Secretary of State considers that such a requirement is necessary in the interests of national security and proportionate to the aim that is sought to be achieved. As such, this amendment would not achieve anything that is not already possible under the provisions of the Bill as drafted.
Amendment 27 seeks to add a new section to the Communications Act 2003. This amendment would require the Secretary of State to review decisions taken by Five Eyes partners to ban telecoms vendors on security grounds and consider whether similar action is required in the UK.
A number of Members of the Committee, including the noble Lords, Lord Alton and Lord Coaker, and the noble Baroness, Lady Northover, stressed the importance of co-operation. She asked whether this was happening anyway. The short answer is that it is. The UK is already committed to a close partnership, and engages regularly with the Five Eyes. The UK’s telecom networks face similar challenges to networks in other countries.
The Government have engaged with partner countries on the approaches to high-risk vendors throughout the drafting of the Bill and will continue to do so once it is passed. I reassure the Committee that we are in regular contact not only with the Five Eyes nations but with other key partner nations—for example, Japan, France and Germany, to name but a few. Therefore, a requirement to review their decisions to ban a high-risk vendor and consider whether to issue a designated vendor direction in the UK would be unnecessary.
The noble Baroness, Lady Northover, asked more broadly how we worked with other countries in relation to national security. We have always maintained that each country needs to implement the mitigations that are right for their national circumstances. Of course in practice, Governments are adopting similar measures to address the risks, and adapting them to meet their own national circumstances. For example, the Netherlands, Germany and Australia have all either adopted or are planning to adopt security measures comparable to those set out in the UK’s draft secondary legislation, which the Bill would allow us to implement.
In July 2020, following advice from the National Cyber Security Centre, the National Security Council considered the impact of US sanctions in relation to Huawei. It considered that further action was needed, as the new US restrictions made oversight of Huawei products significantly more challenging and potentially impossible. That is another example of how the UK already regularly reviews security advice and requirements in response to international considerations.
Some of the issues raised were closely linked to the Bill, while others were slightly less so. The noble Lord, Lord Fox, asked how Ofcom and the NCSC would work together in practice. To formalise the relationship between the two organisations, they are in the process of developing a memorandum of understanding and have published a statement, available on the Ofcom website, that sets out the three key principles that they will follow. They are: first, that the National Cyber Security Centre will provide expert technical cybersecurity advice to Ofcom to support the implementation of the new telecoms security framework; secondly, that they will exchange information where necessary and permitted by law; and, thirdly, that the National Cyber Security Centre will continue to provide incident management support during serious cybersecurity incidents, both to telecoms operators and to Ofcom as needed.
The noble Earl, Lord Erroll, suggested that our broadband rollout programme had stalled—forgive me if I misheard—but I do not accept that. We as a Government remain committed to delivering nationwide gigabit and mobile connectivity as soon as possible. We have put in place £5 billion of funding to roll out next-generation gigabit broadband and have already connected more than 1 million hard-to-reach homes and businesses. Despite the pandemic, the expansion has been extraordinary, with 40% of premises now having access to gigabit-capable broadband, which will rise to 60% by the end of this year.
I congratulate the Minister on introducing the Barran scale of nuance, which will no doubt become a classic in future. She did not address the issue of componentry, if you follow my drift. It seems to me, in analysis, that what tipped the balance in the sense of Huawei was the absence of American-made chips. Were that not to have happened, the NCSC would not have recommended the widescale removal that we have seen. That appears to be the implication. There seems to be an element of component monitoring going on, although in this case the monitoring appears to have been done more by the Americans than by the United Kingdom. It comes back to that fundamental point: at what level is the Bill going to be applied? Will it be applied on the overall capability of the system? In other words, is it a systems capability issue? Is it a subsystem operational outcome view, the individual pieces that go to make those subsystems, or the software that drives the overall system? How will the Bill actually be put into process?
I may need to write to the noble Lord about the technical details he has set out. I think for the approach to be effective it needs to incorporate all elements of that. An overall system cannot be a capable system if the subsystem is not. There needs to be coherence across the equipment that is supplied and our understanding of how it operates in practice and the component parts to inform the judgment about its security or not. I am happy to follow up in writing if he is agreeable.
I thank all noble Lords who have participated in the debate and the Minister for her replies. I thought that the intervention just now by the noble Lord, Lord Fox, was important. It drives at one of the issues that we have debated today in the context of Nexperia and what is happening to a British company that has been acquired by a Chinese company through its Dutch affiliate. It is about computer chips. It is about semiconductors. It is about our ability to be able to control what goes into the technology that the Bill is very much about. That is not an on-the-side question; it is a very important central question and I look forward to seeing the response that the Minister gives to the noble Lord, Lord Fox, when she looks at it further.
I turn now to some of the contributions made today. The noble Baroness, Lady Northover, in a typically powerful and thoughtful intervention, invited us to delve more deeply. That is what we have been doing during this afternoon’s proceedings. She emphasised the importance of countries working together. She regretted, with sadness, that we have been forced to make some of these decisions about our own individual ability to acquire intelligence as a result of our decision to leave the European Union.
I thought it was interesting that, earlier today, the European Commission issued new guidance to combat forced labour in supply chains. It rather puts our laggardly and perfunctory efforts to shame. The guidance provides concrete, practical advice on how to identify, mitigate and address the risks. This issue has been referred to and the noble Baroness has said that she is going to write to us further on modern-day slavery and supply chains. High Representative/Vice-President Josep Borell says that the guidance
“will help EU companies to ensure their activities do not contribute to forced labour practices in any sector, region or country.”
It paves the way for future legislation which will have enforcement mechanisms and should introduce a mandatory due diligence duty, requiring European Union companies to identify, prevent, mitigate and account for sustainability impacts in their operations and supply chains.
Our amendments today would gather that kind of information. I simply do not accept that it is impossible for companies, in partnership with government—a point made by the noble Baroness in opposition to these amendments was that this would place too much responsibility on companies—or countries such as our own to collect this information. Like other noble Lords around the table, I have no staff. The information I gave to the Committee today is publicly available and, with a little bit of research, it can be obtained without too much difficulty. It is absurd to suggest that it is beyond the ability of companies or countries to collect information and share knowledge. The example from the European Union underlines what the noble Baroness said to us today.
The noble Lord, Lord Naseby, was, as always, asking all the right questions. From our many years together in another place, as well as here, I am always happy to stand with the noble Lord, not least because of his experience in many parts of the world. It is important to ensure that our people who are in post in many of our embassies are given the ability to ask these searching questions and to ensure that the information comes back to us, to prevent many of the expensive mistakes that have been made around Huawei, and which have been referred to during the debate, happening all over again.
My noble friend Lord Erroll was right to say that there are human rights abuses in many countries. Like him, I become indignant about some of those abuses; I do not argue, though, that we should no longer trade with those countries. I always prefer that we trade with countries that are on a trajectory to reform, that are law-abiding and that believe in human rights and democracy, but I accept that it would be impossible to take out of supply chains any country that carries out any kind of human rights violation.
However, there are certain markers that we can look to. One of them is our legal duty under the 1948 convention on the crime of genocide. This is not a word to be used lightly. The word “genocide” came into our vocabulary thanks to a Polish Jewish lawyer, Raphael Lemkin, who had seen over 40 of his own family murdered in the Holocaust. During the proceedings on the telecoms infrastructure Bill last year, I gave examples from that period of how companies such as Philips had their own forced labour in the camps where people were dying. I gave the example of Corrie ten Boom, a Dutch woman who had given refuge to escaping Jewish people trying to flee the Holocaust. She and her sister were arrested and sent to work in that factory; her sister died there. Corrie ten Boom wrote a deeply moving book called The Hiding Place. That is the comparison I seek to draw.
It is not just me. In April this year, the House of Commons said that what is taking place in Xinjiang is genocide—it is only the second time that it has ever made such a declaration, so this is of a different order. Where there is genocide, we, as signatories to an international treaty—the 1948 convention on the crime of genocide—have a legal obligation to predict the signs of genocide, prevent it from happening, protect those affected and prosecute those responsible. I accept my noble friend’s argument—we are not going to stop trading tomorrow with Gulf states or whomever it may be who is doing fairly odious things—but the crime of genocide is surely in a different league.
This is a really important discussion. I do not want to speak for too long but the noble Earl, Lord Erroll, was right to say that the Bill is about security and not just “anything”. None of us on the Committee wants to compromise the nation’s security or compromise the ability of our military personnel to conduct necessary operations. However, sometimes in legislation words really matter—they are the law of the land. That is why scrutiny of legislation in Committee like this is so important, word by word and line by line, otherwise—and I will have a series of questions for the Minister on this—down the line in one, two, three or five years, something will happen and everybody will go, “How was the word ‘anything’ included?” The unintended consequence of legislation is something that we need to consider, or people will ask how something happened—how that word was allowed.
With that in mind, it is important that the Minister explains to the Committee how this definition is arrived at. The starting point would be to ask her to explain the differences between having the word “anything” and having the phrase “security issue”. Can she give examples of how the Bill would be weakened by having that term rather than “anything”, and what “anything” means—apart from saying that it means “anything”? What does it actually mean, given that the Bill is supposed to be about security issues, as the noble Earl said?
The Government argue that the duty on providers is appropriate and proportionate to ensure that the effects of compromise are limited and to act to remedy the impacts. I understand why Ministers are keen to keep the definition wide, but on its own it is not good enough. For example, can the Minister explain whether there are any thresholds to what amounts to a security compromise, or is it “anything”, and what does that mean to an individual who might stray into territory that they are not sure about? How was the Bill’s definition arrived at? Who came up with it and what advice did they receive? Were alternatives suggested to it, what did security experts say to the Minister was necessary, and were there dissenting voices?
In seeking clarification, I wonder whether the Minister can explain why the definition does not include, as I understand it, the presence of supply chain components, as the noble Lord, Lord Fox, mentioned on the earlier group of amendments, if they represent a security threat. Maybe it does—but could the Minister clarify that? We need to know that to understand the diversification of the supply chain and how effectively or not it is proceeding. It is important to consider the components of the supply chain, particularly when identifying where they are a threat to our national security. As I see it, that is not included in Clause 1, but perhaps the Minister can tell me that it is and that I have not read the clause correctly. If so, where is it?
I go back to where I started. These amendments are important in testing how the Government have arrived at this use of “anything”. I know it sounds like semantics —what does “anything” mean?—but the point made by the noble Earl, Lord Erroll, is crucial. The Bill is a security Bill. That being so, why does “anything” appear and why is “security issue” not the appropriate way to describe this? Why is it not included in the Bill? It is necessary for the Committee to understand the Government’s thinking on this for us to consider whether we need to bring back this matter on Report.
My Lords, the Committee will recall that the UK Telecoms Supply Chain Review Report in July 2019 found that telecoms providers lack incentives to apply security best practice. This Bill is our response to its recommendations and takes forward the Government’s commitment in the report to introduce a new security framework, including new legal duties and requirements, to ensure that telecoms providers operate secure and resilient networks and services.
I thank the noble Lords, Lord Fox and Lord Clement-Jones, for tabling these amendments to Clause 1. Before I address them directly, I hope that it will be helpful if I set out some brief context for the clause as it appears in the Bill and try to address the challenges posed by the noble Lord, Lord Coaker.
Clause 1 inserts a new Section 105A into the Communications Act 2003. New Section 105A places a duty on public telecoms providers, first, to identify the risks of security compromises; secondly, to reduce the risks of compromises occurring; and, thirdly, to prepare for the occurrence of security compromises. To support the duty, new Section 105A creates a new definition of “security compromise”. The definition is purposefully broad and includes anything that compromises the availability, performance or functionality of a network or service, or that compromises the confidentiality of the signals conveyed by it. I thank my noble friend Lord Naseby for his support for this approach.
I am genuinely slightly puzzled by the remarks of the noble Lord, Lord Coaker, about what is included and excluded, because Clause 1 goes into great detail—which I shall not read out now, but I know the noble Lord has looked at it. Not only do we define what is included in “compromise” but we are explicit about what is excluded. This comprehensive approach will help ensure that telecoms providers protect their networks and services properly in the future. It creates a new duty on providers to take steps to reduce the risk of incidents and attacks seen globally in recent years.
As we have heard, the amendments tabled by the noble Lords, Lord Fox and Lord Clement-Jones, would narrow the definition of a security compromise. As both noble Lords noted, this was also a matter that the Constitution Committee recommended the House consider in its recent report. As I have said, the definition is designed to support a long-term approach to security. It aims to be focused enough to address risks that are specific to telecoms networks. At the same time, it is broad enough to ensure the Bill is future-proof and has flexibility to enable us to address new and evolving threats.
I appreciate that the noble Lords are seeking to ensure that legal obligations on telecoms providers are targeted and appropriate to specific risks, but it is important to remember that the framework within the Bill is designed to do exactly that. Certainly, we are not aiming, in the words of the noble Earl, to bash suppliers over the head. Rather, the broad definition in the Bill helps future-proof the legislation, whereas the specific security measures which narrow that focus will be set out in secondary legislation. I tried to get my head around the thought experiment from the noble Lord, Lord Fox, but I got stuck at the idea of trying to fit inside a petri dish, which would definitely be impossible.
The Minister brought up the review, which was very clear that there are huge potential market failures within the security and resilience telecoms market, the reason being that security is not valued by the networks. It is other things, such as network connectivity and price, which are of maximum importance to those networks—things that might come under the word “anything”, for example.
Let us be clear about the four reasons given by the review that security is undervalued by networks: insufficient clarity on cyber standards and practices; insufficient incentives to internalise the costs and benefits of security; lack of commercial drivers, because consumers of telecoms services do not tend to place a high value on security; and the complexity of delivering, monitoring and enforcing contractual arrangements in relation to security. All four of those issues, which I think are driving the purpose of this Bill, involve the word “security”. Far from these amendments watering down the intent of the Bill, the Minister is watering it down herself by including the word “anything” and ignoring the word “security”. I do not expect her to accept these amendments now, but I would like the department to go away and think about this very carefully, because a catch-all Bill catches nothing.
I hear the noble Lord’s concerns. We will of course take back his comments and reflect on them again. However, I know that officials working on this Bill have considered these points in enormous detail and would be happy to meet the noble Lord and discuss them, if that would be helpful. We believe that our framework does not water down but balances future-proofing with the precision and specificity that the noble Lord seeks. I hope we can follow up on that in a separate meeting.
My Lords, I see a slight chink of light, perhaps, that may be opened by opened by a meeting with the Minister on this subject—because she will appreciate that none of the amendments tabled to the Bill, which we think is important, has been put down lightly, and definition is crucial.
I was somewhat baffled by the noble Lord, Lord Naseby, flying in his jet—I was thinking of perhaps pressing the ejector button, but I thought better of it. The idea that there is an analogy between flying a jet and what we are talking about here was a bit baffling. The only way that I could think of the analogy for a planned outage, which is exactly what the providers are worried about being subject to under this definition of “security compromise”, is where a jet does a planned manoeuvre and everyone scrambles and treats it as an incident—so I cannot see that his analogy holds at all.
I much prefer and give thanks for the contributions of the noble Earl, Lord Erroll, the noble Lord, Lord Coaker, and my noble friend Lord Fox, who, in doubling down on the points raised about the purposes of the Bill, illustrated exactly why we seek to have a much more precise definition. The big problem is that the flexibility demanded by the Government is effectively at businesses’ cost and causes uncertainty. That is the worry about the way that the Bill is currently drafted.
The Minister talked about future-proofing and doing it more precisely, in a sense, by setting out the duties by secondary legislation—but, of course, there are great concerns about the way that the secondary legislation is to be agreed and the codes of practice. So I suppose that, if I were going to ask for a quid pro quo, if there is to be a loose definition of “security compromise”, there must be a very tight way of agreeing the codes of practice and the secondary legislation—but I wonder whether the Minister will actually agree to that trade-off, as we go through the afternoon. I would like to have all of the amendments that we have tabled for today.
I really think that, when the Minister said that this would “undermine the whole approach”, it is good to have it in her script, but that is absolutely not the case. The last thing that we are doing by trying to tighten this definition is to undermine the whole approach; we are trying to create certainty for the providers so that, when they plan outages and there are other planned events, they are not caught by a sidewind when trying to comply with the terms of the Bill. This is a practical issue.
I understand what the Minister says about resilience and, to some degree, that is the case, but there is clearly a great deal of uncertainty surrounding the providers’ interpretation of the Bill, as it currently stands—and they are the ones that will be subject to this. As I said—without wishing to repeat myself too much—the Government’s impact assessment itself makes it very clear that the costs of this exercise, of having to comply with the Bill, are extremely uncertain at this point, and there is quite a lot of concern about that.
I am sure that, if we have a meeting with the Minister in due course, we will be able to persuade her to accept these amendments, and I look forward to it. In the meantime, I beg leave to withdraw Amendment 2.
My Lords, I speak to Amendment 11 in my name and welcome Amendments 7 and 12 in the names of the noble Lords, Lord Fox and Lord Clement-Jones. I was interested that the noble Lord, Lord Fox, referred to a chorus of agreement, which I certainly heard ringing out, expressing concerns about the role that Parliament should have in scrutinising on codes of practice that this Bill currently does not provide for. To me, the codes remind us that the Bill can provide us only with something of a framework, and for many areas there is a wait for the details to be filled in later. As the noble Earl, Lord Erroll, said, the devil, as always, is in the detail.
Clause 3 allows the Secretary of State to issue new telecom security codes of practice that will set out to providers the details of specific security measures that they should take. As we have heard referred to, the impact assessment states that these codes are the way in which the DCMS seeks to demonstrate what good security practices look like. However, I note that Ministers are proposing only to demonstrate but not actually to secure good practice, which I am sure is the real intent—and it would be very helpful if, through this debate, we could get to that place.
I am interested also to note and draw the Minister’s attention to the fact that the Government have said that these codes will be based on National Cyber Security Centre best practice security guidance. The Government have said that they will consult publicly, including with Ofcom and the industry, as we read in the Minister’s letter following Second Reading. That public consultation will be on implementation and revision. However, it strikes me as very strange that the National Cyber Security Centre is not a statutory consultee; can the Minister say why it is not?
I particularly make the point that, as the codes of practice will be admissible in legal proceedings, they have to be drafted accurately and we have to ensure that security input and expertise is fed into them. The National Cyber Security Centre, which is described as a bridge between industry and government and is, indeed, an organisation of the Government, would seem to be a body that should be, in a statutory sense, invited to make the input and offer its expertise, along with other departments and agencies. After all, we can see, when reading about the centre, that its whole reason for being is that it provides widespread support for the most critical organisations in the United Kingdom as well as the general public, and they are absolutely key when incidents, regrettably, occur. We are trying to address those incidents in respect of this Bill.
As we have heard from all noble Lords who spoke in this section of the debate today, the input needs to come from Parliament, which is why I tabled Amendment 11. As the Bill is drafted, the current reading is that a code of practice must be published and laid before Parliament, but there is no scrutiny procedure. I put it to the Minister that if codes have legal weight, why is Parliament being denied the chance to scrutinise them? We seem to have a complete mismatch there. I was taken by the words in the Delegated Powers Committee report, mentioned by the noble Lord, Lord Clement-Jones, in his introduction, which stated that this way of being was “unacceptable” and called for the negative procedure for codes. That is what Amendment 11 does. Can the Minister address specifically the words of that committee report? I refer her to paragraph 27, which says:
“In our view, the Department’s reasons are unconvincing … the fact that codes of practice would be produced after consultation with interested parties cannot be a reason for denying Parliament any scrutiny role; and … the Department appears not to have recognised the significance of the statutory effects of the codes of practice”,
as has been highlighted today. I therefore hope that the Minister will both comment on the report and seek to make what is a very important and significant change in this regard.
I will pick up on one additional point. The impact assessment also says that the codes of practice will have a tiering system for different-sized operators. The initial code will apply to tier 1, which serves the majority of businesses of critical importance to the United Kingdom. This will also apply to tier 2 medium-sized operators but with lighter oversight by Ofcom and longer timetables. Can the Minister offer a draft list of the operators in tiers 1 and 2, and can it be shared with noble Lords? I would also be interested to know whether the Minister has any concerns that tier 2 operators will somehow be worse at compliance. If she has those concerns, what support will be provided to small and medium-sized enterprises? I look forward to her reply.
My Lords, I have heard with interest the contributions of your Lordships regarding the parliamentary oversight of the secondary legislation and codes of practice associated with the Bill. I will try not to disrupt the harmony that broke out so agreeably.
Amendment 7 tabled by the noble Lord, Lord Fox, would apply the affirmative procedure to regulations made under new Section 105B in Clause 1. It would require secondary legislation to be laid in Parliament in draft and to be subject to a debate and a vote in both Houses. Both Amendment 11 tabled by the noble Baroness, Lady Merron, and Amendment 12 tabled by the noble Lord, Lord Fox, would require a statutory instrument to be laid in Parliament for the Secretary of State to issue or revise the codes of practice, under the negative or affirmative procedure respectively.
I will first address Amendment 7 and the procedure for the regulations. The Bill currently provides for the statutory instrument containing the regulations to be laid using the negative procedure. This is the standard procedure for instruments under Section 402 of the Communications Act. The only delegated powers in the Bill currently subject to the affirmative procedure are Henry VIII powers to retrospectively amend penalty amounts set out in the primary legislation.
Sorry, I have not quite finished.
I would call Amendment 15 a “good manners” amendment. If Ofcom possesses information that the network provider does not, it simply calls for that network to be brought into the loop before the rest of us are. That seems good manners to me—you do not necessarily have to legislate for that, but these days it always helps. I have now finished.
My Lords, I thank the noble Baroness, Lady Merron, and the noble Lords, Lord Clement-Jones and Lord Fox, for tabling these amendments to Clause 4 and for their considered remarks. As we have heard, these amendments speak to reporting requirements placed on industry in the event of a significant risk of a security compromise and the powers bestowed on Ofcom in the event of a compromise or the risk thereof.
Amendments 13 and 14 amend new Section 105J. As the noble Baroness, Lady Merron, summarised, new Section 105J is designed to give users of telecoms networks and services relevant information when there is a significant risk of a security compromise, including the steps that they should take to prevent such a compromise adversely affecting them. Giving users this information will help ensure that, where possible, they can take swift action to protect themselves. It will also contribute to greater awareness of security issues, supporting users to make more informed choices about their telecoms provider.
My Lords, I am sorry, as ever, to disappoint the noble Lord, Lord Clement-Jones. With regard to his first point, of course the relationship with providers is important, which is why we have worked so closely with industry throughout the preparation of the Bill. However, as the noble Baroness, Lady Merron, said so eloquently, the relationship with users is also very important; it is that balance that we are seeking to strike. I am sorry if the noble Lord found my remarks grudging or negative; there was a lot of thought behind them.
My Lords, this has been a healthy debate. I thank all noble Lords who have contributed on the various amendments. I certainly noted from her response to Amendment 13 in my name that the Minister shares my understanding of the issues for consumers. The debate has shone a light on the fact that it is not possible to simply put one set of interests above another. I felt in the course of the debate that it has been understood that, while fixed time periods may create an unintended consequence, as the noble Earl, Lord Erroll, said, they do ensure that things are not swept under the carpet. That is really where the amendment was seeking to probe.
I appreciate the point made that, while timescale is at the discretion of telecoms providers, there are certain requirements on them. I still have a sense of nervousness; I hope that, as we proceed with this legislation, the telecoms providers will understand the importance of acknowledging and responding to the very real concerns, interests and threats to consumers when they consider what the words “reasonable and proportionate”, as well as the words “timely manner”, mean. With that, I beg leave to withdraw my amendment.
My Lords, I have been very interested to hear the arguments put forward by the noble Lords, Lord Clement-Jones and Lord Fox, and the noble Earl, Lord Erroll. As we heard from the noble Lord, Lord Clement-Jones, in his opening remarks, concern about oversight is driving this section of the debate. As we know, Clause 13 ensures that when deciding an appeal against certain security-related decisions made by Ofcom, the tribunal is to apply judicial review principles without taking any special account of the merits of the case.
I understand that this does not apply to appeals against Ofcom’s enforcement decisions and that the Government have said that this ensures that it is clear that the tribunal is able to adapt its approach as necessary to ensure compatibility with Article 6, the right to a fair trial. My questions to the Minister are about the legal advice that the Government have received on this clause. What legal advice has been received? Is this external legal advice as well as internal legal advice?
The clause states that
“the Tribunal is to apply those principles without taking any special account of the merits of the case.”
Can the Minister explain what “special account” is expected to mean?
I thank the noble Lords, Lord Clement-Jones and Lord Fox, for tabling this amendment to Clause 13. I am aware that the noble Lord, Lord Clement-Jones, has spoken extensively on the standards of appeal in this House. As the noble Lord remarked, this matter was also raised in the Constitution Committee’s recent report, where it asked for further clarification about the reasoning for the changes made by this clause. I will attempt to address this point today and answer the questions from the noble Lord, Lord Fox, about what we are worried about.
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateBaroness Barran
Main Page: Baroness Barran (Conservative - Life peer)Department Debates - View all Baroness Barran's debates with the Department for Digital, Culture, Media & Sport
(3 years, 5 months ago)
Grand CommitteeMy Lords, I thank the noble Lord, Lord Coaker, for tabling these amendments and for his very generous opening remarks. He reminds us that we must remain vigilant about current and emerging threats to our telecoms networks. Rightly, he also urged the Government to communicate how we will do that in a way that makes sense to the public. Today, we are focusing on this Bill and how it is designed to protect our networks now and into the future.
As we heard, Amendment 18 calls for a body to be set up for the purposes of monitoring current and emerging threats to our telecoms sector. The amendment lists a number of committees, departments, organisations and agencies that should be represented on this body.
The noble and gallant Lord, Lord Stirrup, asked: if not here, where? I will try to answer that question in my remarks.
I assure noble Lords that we already have established procedures to monitor current and emerging threats to the telecoms sector. The National Cyber Security Centre undertakes regular risk assessments of such threats, and those assessments are used to inform government policy. For example, the code of practice the Bill will allow us to issue will be informed by the National Cyber Security Centre’s assessments.
In addition, the Government already have forums in which emerging threats and new technological developments are discussed with industry. The noble Lord, Lord Coaker, asked me to give examples of a particular domestic focus. This is one of them. For example, the National Cyber Security Centre’s network security information exchange is a trusted community of security professionals from across the telecoms sector who come together on a quarterly basis to discuss openly and share information on security issues and concerns. There are also established channels for the kind of cross-government and interagency working that the noble Lord’s amendment seeks to formalise. The Government do not see that it would be necessary to establish a new body corporate, which would simply risk duplicating the work of existing forums.
The noble Lord’s amendment would also make provision for Parliament to receive annual reports on current and emerging threats from this new body. The National Cyber Security Centre already publishes guidance as and when threats develop. Furthermore, as noble Lords are aware, the Intelligence and Security Committee is able to see and scrutinise the National Cyber Security Centre’s assessments of current and emerging threats. Given that there is already this provision for parliamentary oversight, I do not consider that laying a report before Parliament annually would be necessary.
Amendment 25 would require the Government to publish a long-term telecoms security and resilience strategy, covering various topics set out in the amendment, within six months of the Bill’s Royal Assent, and would require this strategy to be laid before Parliament. The Government share the noble Lord’s desire to ensure that this country is fully prepared to overcome future challenges to the security of our telecoms networks. However, the publication of such a strategy is, we feel, unnecessary because recent government reports and announcements, publicly available, already address these topics. The noble Lord will be aware that the Bill is the result of the recommendations put forward in the UK Telecoms Supply Chain Review Report, published in July 2019. That report, along with the Government’s announcements last year, has already set out our strategy for addressing telecoms security risks, particularly relating to supply chains.
In addition, we published our 5G Supply Chain Diversification Strategy last November. This includes our strategy for collaborating with allies on future network research and development, and influencing global telecoms standards. As I will touch on when we debate Amendments 24 and 28, this work is progressing well and the Government’s response to the recent diversification taskforce report, published earlier this month, sets out the steps we are taking to deliver on our goals.
More broadly, the Government’s approach to telecoms security and resilience is informed by cross-government priorities. These include the integrated review, published in March, which committed to launching a new comprehensive cyber strategy this year. The strategy will set out how we will build up the UK’s cyber resilience, deter our adversaries and influence tomorrow’s technologies so that they are safe, secure and open.
Alongside this, a national resilience strategy will ensure that our suite of systems, infrastructure and capabilities for managing the full range of resilience risks becomes more proactive, adaptable and responsive to future threats and challenges. Work is well under way to develop these cross-cutting strategies, and we will ensure that our approach to telecoms security and resilience continues to take them into account.
I think the noble Lord, Lord Coaker, and the noble and gallant Lord, Lord Stirrup, know very well that there is a tension between having a greater degree of focus in a strategy and a wider scope. We believe that we have struck the right balance in this area.
The noble Lord, Lord Coaker, asked about cyber deterrence. He may be aware that the Government will shortly bring forward legislation to counter state threats of the type he described. It will create new offences, tools and powers to detect, deter and disrupt hostile state activity by states targeted at the UK. He also referred, in the context of future-proofing, to the National Security Council. Among its responsibilities is examining forward-looking strategies.
The noble Baroness, Lady Northover, mentioned the role of the FCDO. Of course, she will know that the First Secretary of State provides leadership across departments to ensure that the Government’s response to cyberthreats and our ambition as a cyberpower are fulfilled.
My noble friend Lady Stroud talked about the Government being asleep at the wheel in relation to Huawei. I think that is a little harsh. The Government have always considered Huawei to pose a relatively high risk to the UK’s telecoms networks compared with other vendors. A risk mitigation strategy has been in place since Huawei began to supply equipment to UK public telecoms providers. Obviously, the Government have announced extensive advice to manage those security risks based on the work of the experts at the National Cyber Security Centre. Most recently, the Secretary of State announced advice that providers should remove all equipment made by Huawei from 5G networks by the end of 2027.
The noble Lord, Lord Coaker, asked about the presence of security experts on the recently announced diversification council. I can confirm that a senior official from the National Cyber Security Centre will attend to provide that expertise.
The noble Earl, Lord Erroll, asked what parliamentary scrutiny there was of Ofcom. The chief executive and other senior officials from Ofcom give regular evidence to parliamentary Select Committees, including an annual scrutiny session with the DCMS Select Committee, and it also lay its annual report and accounts before Parliament.
I hope I have managed to address most of the points raised and to reassure your Lordships that, while we recognise the very valid questions that have been asked, we believe that we have the balance right in terms of co-ordination and strategy. With that, I ask the noble Lord to withdraw his amendment.
I thank the Minister and other speakers for this debate, which is really important. The Minister was basically saying in her response, “Don’t worry, we’ve got this covered.” If the Government did indeed have it covered, I suggest that ripping out 40% of the 5G network at the cost of several billion pounds to the industry is a pretty poor cover. The point made by the noble Baroness, Lady Stroud, that it took Back- Benchers to highlight this rather than the Government was particularly apposite.
The Minister portrayed the decision to remove Huawei almost as if it was a success of the process. Will she acknowledge that these billions of pounds are growth that we will not get, that they are investment in this country that has been wasted, and that it has put the country in danger in the process? Will she further acknowledge that there might be others who are able to help in the process of avoiding a repeat of what is a huge debacle?
I tried to present the breadth and depth of approaches that the Government are taking to address this incredibly serious and complex problem. If I may borrow the word used by the noble and gallant Lord, Lord Stirrup, we have tried to show some agility in responding to changing circumstances. The noble Lord will be aware that there were changes to the US foreign-produced direct product rules in May 2020 which changed the risk profile of our engagement with Huawei, and we acted on that, so I do not feel that I have to apologise at this point.
I thank the Minister for her reply and for again seeking to answer the questions. We may well have to come back to some of this, but I take the point that the Government are seeking to address current and emerging threats; I just think that this needs to be more clearly stated in the Bill. The Minister gave examples of cross-government working. We all know that there are examples of cross-government working, but the Committee is saying—I think that there was agreement across the Committee—that sometimes there is a need for a mechanism to ensure that it happens. It may be that another body will do that more effectively in the face of the threats that we face now or may face in the future—it may be that we seek to replace rather than add a body. The Government may want to consider that.
My Lords, I commend the noble Lord, Lord Coaker, and my noble friend Lady Northover for this amendment, which I would have signed had she not done so already. We heard at Second Reading an excellent speech from the noble Lord, Lord West, explaining not only why this amendment is important but why certain figures who would normally speak in this debate are not doing so. He explained that the ISC is seeking to change its MoU. As such, he and others would not speak in this particular debate.
However, we have an analogous debate to refer to, which has already been mentioned. Those of us who are veterans of the National Security and Investment Bill have been through this already. I think the noble and gallant Lord, Lord Stirrup, is the only other person in this Room who was involved in it. I certainly spent some of my life on that Bill.
We sent back to the Commons an amended version of that Bill. Your Lordships adopted an amendment not dissimilar from the one in front of the Committee today. That decision was made, as we heard from the noble Lord, Lord Coaker, because the BEIS Select Committee is not enabled to deal with the level of security information it needs to properly scrutinise the operation of BEIS for the National Security and Investment Act. There is exactly the same situation here. I gather, anecdotally, that the BEIS Committee is already hitting issues with getting the information it needs under that Act.
We also heard anecdotally on Tuesday of the debacle over the Newport Wafer Fab, where the BEIS Secretary of State has failed to use the power given to him by the National Security and Investment Act to do something around national security. The noble Baroness, Lady Stroud, is no longer in her place, but once again the ministry was forced by Back-Bench action to reconsider what it was doing. This should not be how things work. It is beginning to look like these are rhetorical points, rather than actually being usable. I hope the same fate does not befall this legislation and that it actually gets used rather than shelved. But in the same way as BEIS, DCMS will have a Select Committee that cannot access the information it needs to scrutinise the activities covered in this Bill.
The noble Lord, Lord Coaker, notwithstanding the stifling atmosphere of this Committee Room, managed to do a very close approximation of complete incredulity over why the Government should not listen to this fantastic advice. I can say that, having gone through the last Bill and seen how resistant the Government are to advice of this sort, this is neither an accident nor a sin of omission. This is a sin of commission. The Government are very clear that they do not want proper scrutiny of what they are doing, and if this Bill remains as it is, there will not be the scrutiny that is needed. Neutering of that scrutiny is not an accident but a deliberate act of the Government.
My Lords, I thank the noble Baroness, Lady Merron, for tabling this amendment, and the noble Lord, Lord Coaker, for moving it. The role and remit of the Intelligence and Security Committee, as noble Lords have remarked, have been raised a number of times in the other place and at Second Reading of this Bill, so I welcome the opportunity to clarify how appropriate oversight of the Bill’s national security powers will be provided for in the Bill and through existing mechanisms.
Amendment 22 would require the Secretary of State to provide the Intelligence and Security Committee with copies of designation notices and designated vendor directions when such notices, or parts of them, are withheld under Section 105Z11(2) or (3) in the interests of national security. It would also require the Secretary of State to provide copies of notifications of contraventions, confirmation decisions, the reasons for giving urgent enforcement directions when withheld under Section 105Z22(5), and the reasons for confirming or modifying such directions when withheld under Section 105Z23(6).
I will try to correct the suggestion made by the noble Baroness, Lady Northover, and the noble Lord, Lord Fox, that the Government are trying to avoid parliamentary scrutiny on this particular point. That simply is not borne out by the way that the Bill is drafted. We are very clear about where parliamentary scrutiny should take place. I recognise the desire of your Lordships for the Intelligence and Security Committee to play a greater role in the oversight of national security decision-making across government, including in relation to this Bill. As I mentioned earlier, through the oversight of the National Cyber Security Centre, the Intelligence and Security Committee can request information around NCSC advice on, and activities relating to, high-risk vendors.
However, this amendment would extend the role of the Intelligence and Security Committee in an unprecedented way. As noble Lords are aware, the activities of the Department for Digital, Culture, Media and Sport are not within the ISC’s remit. That committee’s remit extends to the intelligence agencies and other activities of the Government in relation to intelligence or security matters, as they are set out in its memorandum of understanding.
The noble Lord, Lord Coaker, asked what he called the “central question” of how this will work in practice in terms of security access. My understanding is that according to the Osmotherly rules detailing how the Government may share information with Select Committees, members of the Digital, Culture, Media and Sport Committee are able to view and handle classified and other sensitive material, subject to agreement between the department and the chair of the committee on appropriate handling. Documents may also be shared with the chair of the DCMS Committee on Privy Council terms, subject to agreement between the committee chair and the department.
The advice of the intelligence agencies will not be the only factor that the Secretary of State will take into account when deciding what is proportionate to include in a designated vendor direction. As well as the advice of the National Cyber Security Centre, the Secretary of State will consider, among other things, the economic impact, the cost to industry and the impact on connectivity caused by the requirements in any designated vendor direction. The ISC does not have the remit to consider non-security issues such as the economic and connectivity implications of the requirements in designated vendor directions. The Digital, Culture Media and Sport Select Committee can consider those wider aspects and that is why it is the correct and appropriate body to see copies of designation notices and designated vendor directions that are not laid before Parliament. Any future changes to the ISC’s remit would be best managed through consideration of the Justice and Security Act 2013 and the associated memorandum of understanding.
For the reasons that I have set out, I am unable to accept the amendment and I hope that the noble Lord, Lord Coaker, will therefore withdraw it.
I thank the Minister for her reply. The Government are going to have to reconsider this matter. The explanation of what can or cannot be looked at is very unclear. The purpose of the amendment is to make it clear through the legislation that the Intelligence and Security Committee would have an automatic right to look at some of the threats, rather than it being the judgment of someone, who has to consult someone else to make a decision. That is the whole point. It should not be a question of someone deciding after discussion whether the matter should go forward; there should be a requirement in the Bill that that be done.
The point that I keep making is that at security clearance level 3, hardly anyone in the country could look at this matter, but there may well be aspects of a threat to telecommunications from a state that are at that level. All that any of us is saying is that of course Parliament should not be openly told about it, but that does not mean that there should be no scrutiny by the committee set up with that express purpose, so that we have oversight and scrutiny of even the most highly classified information. It would be a great credit to our democracy if the even highest level of security threat were subject to a check, set up by Parliament.
I and the Committee are saying to the Minister that this matter needs to be reconsidered. Even the Government, in response to the debate in the other place, have said that they are going to look at the next annual report of the Intelligence and Security Committee to see whether its remit should be extended to include the DCMS Committee. The Government are therefore aware that there is a problem here and say that they will look at this issue. We are trying to horizon-scan here and are saying that this will be a problem if this proposal is not included in the Bill.
I honestly believe that the Government really are going to have to look at this. I am going to repeat that because it is so important. The Minister herself, even the Secretary of State, will not know of some of this. The noble and gallant Lord, Lord Stirrup, knows how many people know, but it is very few. Yet the Intelligence and Security Committee was set up to consider this issue and we are saying that there should be measures in the Bill to deal with it.
The reason why the noble Lord, Lord Fox, and I are incredulous is that this just does not logically hold together. This is not an opinion but a fact: if the Bill goes through unamended, we in Parliament will not be able to look at the security threats that people are making decisions about. It is accepted that not everybody should be told about such things—of course not—but I doubt whether Parliament thinks that this situation is acceptable. I ask the Minister to reconsider that.
I thank the various noble Lords for their contributions. I will speak to Amendment 24, which bears my name, but I recommend that the noble Baroness, Lady Stroud, reads the Chancellor’s Mansion House speech, in which he calls for a nuanced relationship with China. Failing that, she could read my speech on the first group of amendments, in which I challenged how nuanced a relationship can be with a country threatening both our security and that of its own people. At the heart of the Government’s challenge is to be all things to everyone in this argument. They are doomed to fail if they try to do that.
I turn to the amendment I am supposed to be speaking to. As we discussed at Second Reading, there are essentially three strands to the diversity strategy. The first leg is supporting incumbent suppliers. I was corrected by the Minister: this refers not to domestic suppliers but suppliers we already have, presumably— although it is not explicit—with the ones we do not want having been weeded out. The second is attracting new suppliers into the UK market, and the third is accelerating open interface solutions, which I assume helps the second of those strands in particular.
There is not a strand about growing a domestic industry; some of us—I am one of them—were confused about this. It mostly seems to be about taking advantage of other countries’ businesses that we can trust—or think we can at the moment; I refer the Committee to earlier comments by the noble Earl, Lord Erroll, about today’s allies not always being tomorrow’s allies—rather than massively growing our own national capability. Bearing in mind those three legs, it would be helpful to hear from the Minister how the improvement in the domestic share of this market is planned.
In her letter to many of us on the subject of diversification, the Minister made the point that Vodafone has already attracted six new suppliers, two of which were Samsung and NEC, into the market through the open RAN deployment. I think I asked her at Second Reading when open RAN would become a significant player in telecoms delivery in this country. If she gave an answer then I am afraid I mislaid it, so can she tell us when open RAN will become a significant player or whether it is something of a sideshow? I do not mean that in a bad way; it is a recognition of where it really is in the market at the moment.
The biggest challenge I have with this is that the Government have launched a lot of strategies. They usually come with a glossy document and a picture of a smiling Secretary of State. I can confirm that this strategy is no exception. We have a very nice picture of the Secretary of State, Oliver Dowden, on page 3, but it does not come with a timeline and a delivery plan. The Government would not issue a strategy if they did not have a delivery plan, so I am sure there must be one. I think it would help us all if we understood what the delivery plan is. Perhaps the Minister could share with the Committee the timeline for the delivery of this strategy, otherwise many of us might suspect that it is something that gets only launched, not delivered. I understand that money has been put into it but, again, that does not guarantee that outcomes will be forthcoming.
This amendment has been tabled to reveal how that timeline is going and how the outcomes are being delivered. That is what it is for. It would enable the Government’s spending of taxpayers’ money on delivering this strategy to be tracked by Parliament. That seems a perfectly reasonable function for Parliament to have.
The Minister might come back and say that DCMS is being asked to lay all sorts of things before Parliament. If that is the case, I think that all of us, including me, the noble Baroness, Lady Merron, who spoke very capably on this, the noble Earl, Lord Erroll, the noble Baroness, Lady Stroud, and others are quite capable of coming up with a composite annual report that covers not just the items in Amendment 24, but those in Amendment 25 on strategy, Amendment 23 on Ofcom’s performance, and Amendment 26 on skills. Taken together, I am sure we could put together a composite annual report in the next round of discussions that would save DCMS having to make several different annual reports. I suspect that that might be a way forward and look forward to the Minister embracing this idea, because of course DCMS wants to demonstrate how it is delivering its diversification strategy.
I am grateful to all noble Lords for their contributions to this short debate and consideration of the Government’s ambitious diversification strategy. The amendment tabled by the noble Baroness, Lady Merron, raises the important issue of diversification, which I know is of great interest to your Lordships, as it was to Members in the other place. Diversification is a key part of the Government’s broader approach to ensuring that our critical networks are healthy and resilient. That is why the Government set out their 5G diversification strategy last autumn, and we are fully committed to ensuring that this strategy comes to fruition.
Our long-term vision for the telecoms supply market is one where, first, network supply chains are disaggregated, providing network operators more choice and flexibility; secondly, open interfaces that promote interoperability are the default; thirdly, the global supply chain for components is distributed across regions, creating resilience and flexibility; fourthly, standards are set transparently and independently, promoting quality, innovation, security and interoperability; and finally, security and resilience is a priority and a key consideration in network design and operation. However, the Bill focuses on setting clear security standards for our public networks and services. As the noble Baroness, Lady Merron, pointed out, although diversification is designed to enhance security and resilience, not all diversification activity is relevant to the security and resilience of our networks. That is why we believe the amendment would not be appropriate.
The Government have already made progress since the publication of our strategy, including the creation of the Telecoms Diversification Taskforce, which set out its recommendations in the spring. Work is already under way to implement several of those recommendations. Research and development was highlighted by the task force as a key area of focus in order to promote open-interface technologies that will establish flexibility and interchangeability in the market. As raised by the noble Baroness, Lady Merron, and the noble Lord, Lord Fox, it will also allow a range of new smaller suppliers to compete in a more diverse marketplace.
That is why the Department for Digital, Culture, Media and Sport was delighted to announce the launch of the future radio access network competition on Friday 2 July. Through this, we will invest up to £30 million in open radio access network research and development projects across the UK to address barriers to high-performance open deployments. This competition is part of a wider programme of government initiatives, which includes the SmartRAN Open Network Inter- operability Centre—more friendlily known as SONIC Labs—a facility for testing interoperability and integration of open networking solutions, which opened on 24 June. A number of leading telecoms suppliers are already working together through this facility.
We welcome recent announcements from operators including Airspan, Mavenir, NEC and Vodafone to introduce open radio access networks into their infrastructure. This demonstrates that industry is working alongside us, here in the UK, to drive forward the change needed in the sector. We continue to work with mobile operators, suppliers and users on a number of other important enablers for diversification; for example, we are developing a road map for the long-term use and provision of legacy network services, including 2G and 3G. Alongside this, the Government have led efforts to engage with some of our closest international partners, including the Five Eyes, to build international consensus on this important issue.
We are also working to deliver on UK issues in standard- setting bodies, and working with industry, academia and international partners to ensure that standards are set in a way that aligns with our overall objectives. Ensuring that standards are truly open and interoperable will drive market growth and diversification. Through the UK’s G7 presidency, we took the first step in discussing the importance of secure and diverse supply chains among like-minded partners and the foundational role that telecommunications infrastructure, such as 5G, plays.
The noble Baroness, Lady Merron, asked how we were planning to spend the initial £250 million, which we announced to kick off work to deliver our key priorities. These priorities have been informed by the recommendations of the Telecoms Diversification Taskforce and include: establishing a state-of-the-art UK telecoms lab; exploring commercial incentives for new suppliers; launching test beds and trials for new technologies such as open RAN; investing in an R&D ecosystem; and seeking to lead a global coalition of like-minded partners on an international approach to diversification. In response to questions from the noble Baroness and the noble Lord, Lord Fox, about the growth of UK businesses, we have been clear that we are focused on investing in the UK and in UK businesses, but do not think that a UK-only solution is a wise or realistic option.
We are working closely with operators and suppliers to develop targeted measures that address the needs of industry to deliver our long-term vision for the market. We responded to the task force’s findings in July and outlined our next steps and the use of that initial investment. If the noble Earl, Lord Erroll, has not seen the government response, I am sure he would find it interesting. It also sets out our plans to create a diversification advisory council, which will meet quarterly. I hope that responds to his question.
Before I comment on that excellent speech from the noble Baroness, Lady Merron, I want to return to the answer that the Minister gave on the Newport Wafer Fab issue, which proves the point that we were making on the need for the ISC to be involved. Regarding the ISC issue, the Government furnished themselves with the National Security and Investment Act, which was supposed to deal with issues such as this. However, the Prime Minister has chosen to refer it back not to the people running that unit but to the National Security Adviser, which proves the point that someone with access to national security information is needed to make decisions of this nature, rather than an organisation that does not have access to the information. It absolutely proves the point that our amendment on the ISC is completely appropriate, just as it was appropriate for the BEIS analogue of what is happening here.
The noble Baroness, Lady Merron, made an excellent speech and I am not going to attempt to adorn it either with my normal flippancy or with detail. There is just one issue that I wish to raise regarding Simon Blagden. Are there any outstanding legal liabilities from his time at Fujitsu? In other words, has his activity been fully exonerated or is there potential legal recourse? Other than that, I echo the point that perception of these issues is as important as reality. If the Government continue to operate in a black-box way, everybody will assume that things are going on that they cannot see and that should not be happening. It is therefore in the Government’s interests to be transparent about how that person in particular was appointed and how the advisory council will operate.
My Lords, I thank the noble Baroness, Lady Merron, for tabling the amendment and for giving me an opportunity to provide an update on the work of the Diversification Taskforce and the new diversification advisory council.
The Government recently announced the council, building on the work of the Diversification Taskforce, chaired by my noble friend Lord Livingston of Parkhead. I should like to take this opportunity to offer my thanks to him and the taskforce members for volunteering their valuable time and knowledge to their excellent review. Their recommendations and expertise will remain crucial to helping us bring greater resilience and competition to our future networks as the taskforce now transitions to the new diversification advisory council.
The Government recognise that diversification is a broad and complex issue relating to matters of security and resilience, technology and geopolitics. It is for this reason that we sought the advice of the experts appointed to the diversification task force. Many of the task force members will continue to provide advice as part of the new advisory council. In appointing the membership of the advisory council, the Government have followed all standard processes. The Government have ensured that the council comprises experts from both industry and academia across a wide range of subject matters, including security, of course.
My Lords, I thank the noble Lords, Lord Fox, Lord Clement-Jones and Lord Alton, for tabling this amendment. The noble Lord, Lord Fox, has set out why they believe this definition of a public electronic communications network is needed. I also appreciated his reference to the importance of consumers, who, after all, are core in all our discussions.
It is important to hear from the Minister whether she believes that this definition is limiting for security purposes and what impact it would have. Perhaps she can advise on whether she feels that anything is missing which should be in there. Would this definition inhibit the future-proofing ability of the Bill? I look forward to hearing from the Minister.
This amendment seeks to clarify the definition of a public electronic communications network contained within Section 151 of the Communications Act 2003. I thank the noble Lord, Lord Fox, for moving it. It aims to do this by including specific examples of networks and systems covered by that definition.
In response to the noble Lord’s first question, three of the suggested examples in the amendment are already covered by the current definition of public electronic communications network, to the extent that they are electronic communications networks
“provided wholly or mainly for the purpose of making electronic communications services available to members of the public”.
These three examples are: landline communication systems; mobile data, audio and video networks; and satellite-delivered networks.
However, as the noble Lord explained, the amendment also refers to “digital surveillance networks”. I understand that the noble Lord is referring principally to CCTV and other similar technologies of the kind used by law enforcement and local authorities for specific surveillance purposes. These types of technologies have been raised by a number of noble Lords in previous debates, including the noble Lords, Lord Alton and Lord Fox. Such closed networks do not fall within the definition of a public electronic communications network as set out in Section 151 of the Communications Act. That definition refers to an electronic communications network that is provided
“wholly or mainly for the purpose of making electronic communications services available to members of the public”.
I emphasise “wholly or mainly”, because the noble Lord gave examples of where services might be provided which could reach a member of the public, but not “wholly or mainly”.
The powers in the Bill are intended to create a stronger regulatory and legislative framework to protect against the security threats to our public electronic communications networks and services, such as those provided by companies such as BT and Vodafone. Public networks are those most widely used by businesses and the public and it is right that the Bill should focus on the protection of those networks. Furthermore, any change to the definition of public electronic communications networks to include CCTV and other similar networks to which the noble Lord referred would affect other sections of the Communications Act beyond those relating to security. That is because the current definition of a public electronic communications network is used across Chapter 1 of Part 2 of the Act, and not only in Sections 105A to 105D, which this Bill replaces.
The consequences of such a change would be wide-ranging. For example, Section 127 creates a criminal offence of improper use of public electronic communications networks, as defined by Section 151. If the definition changed, the scope of those caught by that offence would also change. It would also affect other legislation that makes reference to the Act’s definition, such as the Privacy and Electronic Communications (EC Directive) Regulations 2003 or the Insolvency Act 1986. Any such change to the definition would therefore have substantial unintended impacts for providers of digital surveillance networks and for many other entities, including Ofcom, of course.
The noble Lord also asked how the security of digital surveillance networks could be assured. There is of course already legislation and extensive guidance in place to assure security and prevent the abuse of information gathered by CCTV and surveillance camera networks. As noble Lords will be aware, the Information Commissioner’s Office is the UK’s independent regulator for data protection and is responsible for providing advice and guidance on compliance with the UK’s data protection laws. All organisations in the UK that process personal information must comply with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018. The Information Commissioner’s Office has issued a specific data protection code that provides recommendations on the use of CCTV systems to help organisations comply with the Data Protection Act.
The Information Commissioner’s Office’s code and the Data Protection Act ensure that any personal data gathered via CCTV and similar networks is kept confidential and subject to the highest protections, including secure encryption of data. Where closed networks, such as CCTV and other similar surveillance technology, are used by public bodies or within critical national infrastructure, there are specific arrangements in place. Lead government departments, advisory partners —including the National Cyber Security Centre—and regulators work with infrastructure owners and operators to manage and mitigate the risk of security issues. There are, therefore, already adequate measures in place regarding safe deployment of CCTV and other similar surveillance technologies within the UK. Indeed, we are strengthening the actions we can take in this area.